
Consumer behaviour 2026 report
New research uncovers the payment habits, preferences and priorities shaping the future of payments in the UK.
Q4 2025 brings pivotal consultations on cryptoassets, open banking, and instant payments, alongside the FCA’s safeguarding overhaul and EU instant payments deadlines. This roadmap sets out the critical reforms, timelines, and risks that payments leaders must track to stay ahead in a tightening regulatory environment.
Regulatory change spans every facet of the value chain, from consumer protection and market conduct to digital resilience and cross-border interoperability. In the UK, the Financial Conduct Authority’s (FCA) safeguarding overhaul, the expansion of Consumer Duty, and the potential removal of contactless limits illustrate the regulator’s focus on customer outcomes. Meanwhile, the Bank of England and HM Treasury continue to drive structural reform through ISO 20022 migration, the review of the digital pound, and preparations for T+1 settlement.
In the European Union (EU), regulation continues at a rapid pace. The Digital Operational Resilience Act (DORA) is now in force, PSD3 and the Payment Services Regulation are progressing through negotiations, and the Instant Payments Regulation is hardwiring real-time settlement into the Single Euro Payments Area. Alongside these initiatives, the digital euro and Markets in Crypto-Assets regulation (MiCA) are shaping the next generation of retail money and cryptoasset regulation.
Globally, the US’s GENIUS Act introduces the first federal stablecoin regime, underscoring the international dimension of digital asset oversight. Although there is convergence on stablecoin regulation, with the EU, US, and proposed legislation in the UK all stipulating full-reserve backing, prudential standards, and licensing requirements for issuers, divergence remains on scope, enforcement, and timelines.
The Payments Regulation Roadmap Q4 2025 outlines the policy landscape for payments, detailing key regulations chronologically, identifying the legal risks they pose, and suggesting next steps to address these.
Q4 2025 delivers a wave of consultations and deadlines that will set the tone for the next phase of payments regulation, from the FCA’s contactless proposals to ISO 20022 migration and EU instant payments adoption. These measures bring pressing compliance demands and operational challenges that firms must address now to avoid disruption and regulatory risk.
The FCA has launched a consultation on proposals to remove the regulatory cap of £100 on contactless transaction limits (raised from £45 in 2021). Issuers would retain discretion to set product or customer-level limits based on needs, risk appetite, and fraud prevention controls. Customers could continue to personalise their limits or disable contactless altogether.
In 2023, contactless accounted for 38% of UK payments, with a third of adults using it at least once a month. Contactless fraud rates remain low—around 1.3p per £100 spent compared with 6p per £100 for all unauthorised fraud—as reported by UK Finance’s Annual Fraud Report 2025.
David Geale, executive director of payments and digital finance at the FCA, said: “We‘re seeing smarter payment technology and more well-established fraud controls, so it’s the right time to let firms tailor contactless payments to fit their customers’ needs and drive innovation. While we wouldn’t expect to see immediate changes to limits by firms, they would have the flexibility to make payments more convenient for customers.”
The proposals are out for consultation until 15 October 2025. Responses can be submitted by online survey or by emailing [email protected].
From November 2025, CHAPS payments must use structured remittance data in pacs.008 messages. Direct Participants (DPs) may use Hybrid Addresses (part-structured, part-unstructured), although the Bank of England encourages full adoption of structured addresses.
This change aligns the UK with other jurisdictions migrating to ISO 20022 ahead of SWIFT’s retirement of the MT standard in November 2025, advancing the shift to a single, global payments messaging language.
ISO 20022 is more versatile than existing standards, supporting richer and better structured data fields, including:
The FCA is expected to consult in late 2025 or early 2026 on a new framework for cryptoasset and stablecoin trading platforms, intermediation, lending, and staking. While details are pending, the regime is likely to borrow from the EU’s Markets in Crypto-Assets Regulation (MiCA) and elements of UK financial services law, with emphasis on prudential soundness, market integrity, and consumer protection.
Trading platforms are expected to be brought within the regulatory perimeter as recognised trading venues requiring FCA authorisation. Anticipated obligations include segregation of client assets, capital adequacy, conflict-of-interest rules, and governance standards for execution and transparency.
Intermediation—defined as broking or arranging cryptoasset or stablecoin transactions for clients—may require permissions similar to those held by investment intermediaries, with disclosure duties, prudential requirements, and suitability or appropriateness checks aligned to consumer risk profiles.
Lending, where customers deposit assets with a platform in return for yield, is likely to be treated as a regulated activity akin to deposit-taking or investment contracts. This would entail prudential and liquidity standards, clear risk disclosures covering rehypothecation and counterparty default, and restrictions on misleading yield marketing.
Staking—the delegation or lock-up of cryptoassets to validate transactions in return for rewards—remains less settled. Regulators internationally are divided: some treat it as a form of collective investment scheme, while others see it as a custody-related activity.
HMT, working with the FCA, PSR and CMA, is developing a long-term regulatory framework for open banking to secure existing gains, unlock new use cases, and establish a sustainable economic model. A statutory instrument is expected in Q4 2025 anchored in the forthcoming Data (Use and Access) Bill. This legislation will create a statutory “smart data scheme”, extending portability rights beyond banking into other consumer and SME sectors.
In parallel, HMT is progressing its Finance and Performance Data Integration System (FPDIS), a cross-government programme to integrate departmental finance and performance data in near real time. The initiative aims to replace fragmented manual reporting with a unified platform, improving transparency, cutting duplication, and allowing departments to focus on delivery rather than compliance reporting. While not specific to payments, it signals the government’s wider drive to “rewire the state” and advance the Shared Services Strategy for Government.
The National Payments Vision (NPV) sets out the government’s ambition for a “world-leading payments ecosystem” underpinned by next-generation technology, competition, security, and regulatory clarity. To drive delivery, HM Treasury, the Bank of England, the FCA, the PSR, Pay.UK and industry stakeholders are represented on a new Payments Vision Delivery Committee (PVDC).
In July 2025 the PVDC announced a new model for the next generation of UK retail payments infrastructure and established the Retail Payments Infrastructure Board (RPIB) as its senior advisory group. The RPIB will translate the PVDC’s strategy into design, with its first meeting scheduled for October 2025.
The PVDC’s Payments Forward Plan, due by the end of the year, will set out a sequenced programme of retail and wholesale initiatives, including the role of digital assets, interoperability, and infrastructure modernisation.
The UK is progressing towards the creation of a Future Entity to oversee open banking standards and ensure interoperability across the ecosystem. Although still subject to legislation, the current intention is that the body will be a company limited by guarantee, operating on a not-for-profit basis. It will act as the primary standard-setting organisation for open banking APIs, with responsibilities expected to include: setting baseline technical standards, monitoring API performance, providing certification and directory services, and supporting commercial schemes through the development of multilateral standards.
The Future Entity will not itself have statutory enforcement powers. Instead, the FCA has been designated as the lead regulator for open banking under the National Payments Vision, with the authority to act where firms fall short.
The FCA intends to publish further detail on the Future Entity’s design by the end of 2025, following a series of industry workshops in autumn. No public timeline has yet been set for when the Future Entity will assume its role as the UK’s primary standard-setting body for open banking.
The final quarter of 2025 and the year ahead will see a wave of regulatory changes reshape merchant operations, from cost and compliance pressures to shifts in payments oversight and sustainability reporting. With new packaging obligations, suspended but high-impact interchange reforms, BNPL authorisation, and intensified cybersecurity standards all on the horizon, merchants must prepare for a period of complex, overlapping demands.
The FCA’s new safeguarding rules aim to strengthen protection of customer funds held by payments firms by codifying existing guidance, introducing new audit and reporting requirements, and enhancing insolvency preparedness. In-scope organisations are payment institutions and e-money institutions. The rules take effect on 7 May 2026.
Safeguarding requires customer funds to be segregated from a firm’s own money so they can be returned swiftly and in full if the firm fails. The FCA’s consultation paper CP24/20, published in September 2024, highlighted significant weaknesses: on average, only 35% of client funds were returned following insolvencies between Q1 2018 and Q2 2023.
The regulator has repeatedly raised concerns through Dear CEO letters (2019, 2020, 2021, 2023, 2025) and a critical multi-firm review in 2019. Interim guidance issued during the COVID-19 pandemic was later incorporated into the FCA’s Approach Document, but compliance gaps persisted.
Although most firms supported raising standards in CP24/20, there was pushback on proposed “end-state” measures such as statutory trusts, direct receipt into safeguarding accounts, and additional FSMA permissions for managing safeguarded investments. The FCA has therefore paused the Post-Repeal Regime, leaving the strengthened Supplementary Regime in PS25/12 as the binding standard from 2026.
Industry groups, including TPA’s Regulatory Working Group, have stressed the need for the Financial Reporting Council to publish a relevant auditing standard to support implementation.
From 28 April 2026, amendments to the Payment Services Regulations 2017 and the Payment Accounts Regulations 2015 will introduce stricter requirements for terminating framework contracts. Payment service providers (PSPs) and designated credit institutions will need to give at least 90 days’ notice for contracts entered into on or after that date, up from the current two months.
Termination notices must include sufficiently detailed and specific reasons unless disclosure would be unlawful. Consumers must also be informed of both internal complaint procedures and their right to escalate to the Financial Ombudsman Service. Exceptions are limited to defined cases such as anti-money laundering breaches, suspicion of serious crime, immigration enforcement, or public order offences.
From 15 July 2026, Deferred Payment Credit (DPC), more widely known as Buy Now Pay Later (BNPL), will be regulated as a form of credit under the Consumer Credit Act, bringing third-party providers within the scope of FCA oversight. The new regime follows sharp growth in the sector: Research from the FCA, published in May 2025, found that one in five UK adults — around 10.9 million people — had used BNPL at least once in the preceding year, up from 8.8 million in 2022.
The rules will not apply to BNPL products used to finance insurance premiums, employee borrowing schemes, or arrangements provided by registered social landlords, and will only cover agreements entered into from 15 July 2026 onwards. The Government has also confirmed that credit broking of BNPL agreements will remain exempt.
The consultation on the draft rules opened on 18 July 2025 and closes on 26 September 2025. The FCA is expected to publish a policy statement and final rules in early 2026, ahead of the regime’s commencement in July 2026.
The government has confirmed its intention to legislate for artificial intelligence (AI) but has not yet published a timeline. The FCA has welcomed the move and emphasised its commitment to a “technology-agnostic, principles-based and outcomes-focused” approach.
Rather than creating a dedicated statutory AI regulator, the government has asked existing bodies — including the FCA, CMA, ICO, Ofcom and MHRA — to apply a common set of five cross-sector principles within their own remits. These principles are: safety, security and robustness; appropriate transparency and explainability; fairness; accountability and governance; and contestability and redress.
The FCA has signalled that it may review implementation of the Consumer Duty in 2026, with particular focus on whether firms are delivering good outcomes in line with its four outcomes framework: products and services, price and value, consumer understanding, and consumer support. In a recent consultation paper, the regulator has highlighted “targeted support” as a possible area for further guidance, stressing that such support should be tailored, non-advisory, and provided free of charge in most cases.
The review is expected to examine how firms evidence outcomes through data and management information, and whether board-level oversight has been embedded effectively. It will also consider the role of reputational risk where poor value or consumer harm is identified.
From late 2026 onwards, regulation begins to focus on structural reforms and cultural standards rather than immediate operational fixes. These initiatives, spanning digital money, conduct expectations, prudential reforms and settlement cycle, will shape the long-term trajectory of payments markets well into the next decade.
Recent remarks by Andrew Bailey, Governor of the Bank of England, suggest a more cautious stance on introducing a retail central bank digital currency. Bailey noted he would need “a lot of convincing” if commercial banks continue to deliver effective digital payment solutions, questioning the added benefit of a central bank-issued alternative.
This marks a shift from the Bank and HM Treasury’s position just two years earlier, when they anticipated that a digital pound could be introduced before 2030. The Bank’s April 2025 report confirmed that offline payment functionality with a digital pound is technically feasible but highlighted trade-offs around user experience, double-spending, and counterfeiting controls.
From 1 September 2026, the FCA will extend its non-financial misconduct (NFM) rules — covering behaviour such as bullying, harassment, and violence — beyond banks to all FSMA-authorised firms with Part 4A permission. Serious NFM will explicitly fall within the scope of the Code of Conduct (COCON) for individuals in non-banking firms, bringing requirements into line with the banking sector.
The FCA’s September 2025 consultation on ‘Tackling non-financial misconduct in financial services,’ which sought views to ensure consistent application of the rules across the industry, closed on 10 September 2025. The paper covered how NFM should be assessed under conduct rules, fit-and-proper tests, threshold conditions, and regulatory references.
The reforms build on the FCA and Prudential Regulation Authority’s joint Discussion Paper (DP21/2, 2021) and the FCA’s September 2023 consultation (CP23/20). The FCA reports that their proposals gained broad industry support, with 80% of authorised firms and 90% of trade bodies backing their approach.
The FCA plans to review the feedback from the consultation period and set its final regulatory approach before the end of 2025.
The new COCON rule will take effect on 1 September 2026.
In January 2025, the PRA, in consultation with HM Treasury, announced a one-year delay to the UK’s implementation of Basel 3.1 standards, moving the start date to 1 January 2027. Basel 3.1 is intended to improve banks’ measurement of risk and standardise approaches to capital calculation, making capital ratios more consistent and comparable across firms.
Although the start date has been pushed back, the PRA has confirmed that full implementation is still targeted for 1 January 2030, with transitional periods shortened to compensate. The decision reflects uncertainty around the US timetable for Basel 3.1 and the UK’s desire to maintain competitiveness and avoid misalignment with other major jurisdictions.
The UK will transition from a T+2 to a T+1 settlement cycle for securities transactions on 11 October 2027. This will require equities and bonds to settle within one business day of execution, improving efficiency and reducing counterparty risk. The Accelerated Settlement Taskforce (AST), chaired by Andrew Douglas, has been appointed to oversee and coordinate the transition, with the FCA and Bank of England providing support as observers.
International alignment is strong: the US, Canada, Mexico, and Argentina moved to T+1 in May 2024, while the EU reached a provisional agreement in June 2025 to adopt T+1 from the same date as the UK. Switzerland is also targeting October 2027. Coordinated adoption reduces the risk of settlement mismatches in cross-border trading.
Alongside the UK’s domestic agenda, international reforms are reshaping the payments landscape. From the EU’s PSD3, MiCA and Instant Payments Regulation to the US GENIUS Act on stablecoins, firms must navigate multiple regimes that increasingly converge on core principles while diverging in scope, timelines and enforcement.
From 9 October 2025, euro area Member States will be required to support instant credit transfers in euros. Adoption has so far been limited — instant transfers represented only 14% of transactions by volume and 4% by value in H2 2023, according to data from the European Central Bank.
The Instant Payments Regulation (IPR), adopted in March 2024, amends existing EU payments legislation to mandate that all payment service providers offering euro credit transfers must also offer SEPA instant payments. It requires cost parity with standard transfers, strengthens fraud prevention through Verification of Payee, and introduces daily sanctions screening obligations.
The regulation is intended to accelerate adoption of instant payments, ensuring they become widely available, affordable, and secure for consumers and businesses across the EU.
The European Commission’s proposals for the third Payment Services Directive (PSD3) and a new Payment Services Regulation (EU PSR), published in June 2023, represent the most extensive overhaul of EU payments law since PSD2 in 2016. Draft texts were issued by the Council of the EU in June 2025, with consultations and national transposition expected to run through 2026.
The package seeks to modernise payments rules in response to digitalisation, evolving fraud threats, and the growth of open banking. PSD3, as a directive, will govern licensing and supervision of payment and e-money institutions. The EU PSR, directly applicable across member states, will harmonise technical standards, consumer protections, and security obligations.
Notably, PSD3 will merge PSD2 and the E-Money Directive into a single framework, creating a unified regime for banks, payment institutions, and e-money institutions.
On July 18, 2025, President Trump signed into law the Guiding and Establishing National Innovation for US Stablecoins (GENIUS) Act, creating the first comprehensive federal licensing and supervisory regime for payment stablecoins. The Act restricts issuance to licensed entities, imposes prudential and reserve requirements, and clarifies their regulatory treatment under US law.
The regime takes effect on 18 January 2027, or earlier if implementing regulations are finalised, and will be overseen by the US Treasury, OCC, Federal Reserve, FDIC, state agencies, and a new interagency Stablecoin Certification Review Committee.
The Act defines payment stablecoins as fully backed, redeemable at par, and subject to reserve segregation, audits, and monthly certifications. It also distinguishes them from securities and commodities, resolving jurisdictional overlap between the SEC and CFTC.
Foreign issuers may operate in the US only if their home regime is judged “substantially similar,” and they must maintain reserves within the US.
The European Central Bank (ECB) and European Commission are advancing plans for a retail digital euro, intended to provide a central bank–issued digital means of payment available to consumers and merchants across the euro area. The proposal aims to complement cash, strengthen monetary sovereignty, and support pan-European payments integration.
Design questions remain unresolved, including distribution models, privacy safeguards, offline functionality, and the role of intermediaries. A key issue for payment service providers is how compensation and cost-sharing will be structured, as the legislative framework continues to evolve. The timeline for adoption will extend into the late 2020s, subject to ECB testing and EU legislative progress.
The EU’s Markets in Crypto-Assets Regulation (MiCA) creates the first comprehensive pan-European framework for cryptoasset issuance, custody, trading, and marketing. It introduces licensing requirements for cryptoasset service providers (CASPs), disclosure obligations for issuers, prudential and conduct standards, and a regime for stablecoins (asset-referenced tokens and e-money tokens).
Grandfathering for existing firms ends on 1 July 2026, after which all CASPs must be MiCA-authorised to operate. Member states may apply shorter transition periods. MiCA also strengthens rules on market abuse, white papers, and marketing, and will be enforced by national competent authorities across the EU.
Payments regulation is increasingly defined by faster implementation, broader scope, and higher expectations. Regulators worldwide are embedding stronger consumer protections, mandating greater operational resilience, and tightening oversight of digital assets. At the same time, their focus is widening beyond compliance to embrace interoperability, data standards, and market integrity. This reflects the growing complexity of global payments. Regulatory foresight must be embedded into product design, technology investment, and consumer engagement. The coming years will reward those who treat regulation not as a hurdle but as a platform for trust, competitiveness, and innovation.

New research uncovers the payment habits, preferences and priorities shaping the future of payments in the UK.

New research shows vulnerable customers are strong adopters of AI and digital banking, but are far more likely to experience failed payment journeys and poorer outcomes.

UK merchants expect agentic commerce to grow rapidly, but uncertainty around liability, fraud, and standards is slowing readiness.
You need to be logged in to do this!
